A pit full of rusty nails
[server]
# Route entry points for the tarpit. By default it is the root, but more
# directories can be added, or the root can be left out in favour of other paths.
pit_routes = ["/"]

# The socket address the nailpit listens on.
# 0.0.0.0 binds every IPv4 interface on the host. If the nailpit sits behind a
# reverse proxy, binding to a loopback or internal address keeps the port off
# the other interfaces.
socket_addr = "0.0.0.0:3000"

# The number of worker threads dedicated to the tarpit. Generating larger payloads
# benefits from more threads, which spread the generation load better.
worker_threads = 1

[generator]
# Input text files to feed the Markov Chain. Uses glob format. When several files
# match, each is turned into its own chain, so generated pages have randomised
# garbage content and appear different during navigation. The more text provided the better.
input_files = "input/*.txt"

# The template file for the warning/entry page. A valid warning template will only use {{ title }},
# {{ main }} and {{ footer }} placeholders.
warning_template = "templates/warning.html"
# The content to be rendered in the warning page. Expects plain text; the first line is rendered as
# the title. All other text, separated by line-breaks, is rendered as paragraphs.
warning_message = "templates/message.txt"

# The template file for generated pages. A valid generation template can use all available placeholder types.
generated_template = "templates/generated.html"

# Minimum number of words per generated paragraph.
min_paragraph_size = 128
# Maximum number of words per generated paragraph.
max_paragraph_size = 256

# Maximum number of links rendered in the footer to let crawlers go deeper into the tarpit.
# Acts as a form of staggering concurrency, so crawlers don't immediately open hundreds of connections.
max_pit_links = 5

# Maximum number of characters in generated headers.
header_size = 32

# Amount of generated content in Kilobytes to be generated before the page completes. The smaller the payload,
# the faster the generation, but the bigger the payload, the more resource pressure it applies to web crawlers.
# Pages are compressed as they are streamed to the client however, so over the wire, this will be smaller.
payload_size = 32

# Maximum amount of time for a connection to stay alive before being dropped. If configuring for a slow loris
# attack, you might want to increase this value depending on how much you are delaying your page generation and
# how big the pages are.
# NOTE(review): the unit is not stated in this file (presumably seconds) - confirm.
timeout = 30
# Minimum amount of delay per generation loop. Used to configure tarpit for slow loris type attacks.
# NOTE(review): the unit is not stated in this file - confirm. With min_delay and max_delay both 0,
# presumably no delay is applied.
min_delay = 0
# Maximum amount of delay per generation loop. Used to configure tarpit for slow loris type attacks.
# Greater variance between min and max delays creates less predictable delay patterns to disguise the
# attack.
max_delay = 0

# Size of chunk in bytes to be generated before being streamed to the client. This is for adjusting
# throughput/latency characteristics of page generation and memory usage characteristics. This setting
# should be adjusted according to hardware characteristics, but the value below is a fair default if you
# want to have high throughput. Slow loris attack setups might want to tweak this value to be lower in
# order to drip feed smaller portions of content to the client.
chunk_size = 8192

# Adds additional text to a page after the generation loop (but before the footer links), useful for
# adding prompts or static content. If more than one entry is listed, one is randomly chosen
# for rendering on a given generated page.
prompts = []

[rate_limiting]
# The kind of rate limiting you want enabled. Options are `no_limit`, `soft_limit` (which delays the start
# of content generation once a client has made too many requests), `hard_limit` (which drops the connection
# if too many requests are made), `soft_with_hard_limit` (which combines the soft and hard modes: delaying
# at first, then dropping the request if the client still makes too many requests).
# NOTE(review): how a client is identified is not stated in this file. Behind a reverse proxy or NAT,
# many clients may be counted as one address - confirm before relying on these limits.
type = "soft_limit"
# The number of requests needed to hit the soft limiting state. This resets if it hasn't received a request from
# a client in more than two minutes.
soft_limit = 200
# The delay applied to soft limited clients. The delay is in milliseconds.
soft_delay = 600
# The number of requests needed to hit the hard limiting state. This setting only takes effect if the `type`
# option is set to `hard_limit` or `soft_with_hard_limit`. With `soft_with_hard_limit`, it is recommended to
# ensure this value is always greater than the `soft_limit` amount.
hard_limit = 300
# If `hard_limit` or `soft_with_hard_limit` is set, then the connection dropping mechanics are set via
# `drop_behavior`. By default, it is set to `normal` mode, which just terminates the connection with a RATE_LIMITED
# HTTP status code. If you set to `spicy`, then you have an additional option: `payload`. `payload` accepts a list of
# strings, which are paths to static compressed files you can send back to the client. It will only accept gzip and
# brotli compressed files. I don't have to explain why you want statically compressed 'spicy' files to be sent over the wire ;)
# `spicy` payloads go to whichever client trips the hard limit, so the client-identification question noted
# on `type` above decides who receives them.
drop_behavior = { mode = "normal" }
# drop_behavior = { mode = "spicy", payload = ["spicy.gz", "spicy.br"] }

[open_telemetry]
# The OTEL collector address & port for sending OTEL logs + traces to.
# The scheme here is plain http, which stays on the host while the collector is on loopback as below.
# NOTE(review): if this is pointed at a remote collector, telemetry would cross the network unencrypted
# unless the endpoint is TLS-protected - confirm what the exporter supports.
endpoint = "http://127.0.0.1:4317"
# The service name that will be used for OTEL logs and trace spans.
service_name = "nailpit"
# Enable logging to OTEL collector.
logs = false
# Enable collecting trace data to OTEL collector. This option imposes a significant overhead, so only
# enable it if you have the capacity for storing the data, which can be a lot during heavy traffic.
traces = false